ON THE QUADRATIC FORMULA MODULO N


STEVE WRIGHT 

Abstract. Let a, b, c, and n be integers, with a nonzero and n at least two. Necessary and
sufficient conditions on these parameters are derived which guarantee that all solutions of
the congruence

$ax^2 + bx + c \equiv 0 \bmod n$

are given precisely by the solutions of

$2ax \equiv -b + s \bmod n,$

where s varies over all solutions of

$x^2 \equiv b^2 - 4ac \bmod n.$

Corollaries of this result are deduced for prime-power moduli and some illustrative examples
are also presented.

1. Introduction

Let a, b, c, and n be fixed integers, with a nonzero and n at least two. In Section IV 
of the Disquisitiones Arithmeticae, Gauss presented a complete and elegant solution of the 
quadratic congruence 

(1.1) $ax^2 + bx + c \equiv 0 \bmod n.$

By completing the square in $ax^2 + bx + c$, it is easy to see that if $d = b^2 - 4ac$ is the
discriminant of the quadratic, then the solutions of (1.1) are obtained as the solutions of

(1.2) $2ax \equiv -b + s \bmod 4an,$

where s varies over all solutions of

(1.3) $x^2 \equiv d \bmod 4an$

that are pairwise incongruent mod 2an. Thus the solution of (1.1) is reduced to the solution
of the “pure” quadratic congruence (1.3) (Gauss’ terminology), and it is the solution of this
latter congruence, which we will call the (modular) square-root problem, that Gauss devotes
his attention to in the Disquisitiones. Needless to say, Gauss’ work here is a milestone of
number theory, and has been a guide and inspiration to the subject ever since.

By setting $s = \sqrt{b^2 - 4ac}$, one may write (1.2) as

$2ax \equiv -b + \sqrt{b^2 - 4ac} \bmod 4an,$

which is reminiscent of the quadratic formula for quadratic equations from secondary-school 
algebra. If one wants an exact analog of the quadratic formula, one would require that all 
solutions of (1.1) are determined from the equation 

(1.4) $2ax \equiv -b + s \bmod n,$

where s varies over all solutions of

(1.5) $x^2 \equiv d \bmod n.$

One would then want to find all solutions of (1.4) by simply “dividing” by 2a, i.e., multiplying
by an inverse of 2a mod n to obtain

(1.6) $x \equiv \frac{-b + \sqrt{b^2 - 4ac}}{2a} \bmod n.$


Since this requires the existence of the indicated inverse, a necessary condition for the
solutions of (1.1) to be given by (1.6) is to have 2a and n relatively prime, and a simple argument
shows that this is also sufficient. We will refer to the solution of (1.1) that is given by (1.2)
and (1.3) as the general form of the quadratic formula, and we will call the solution of (1.1)
given by (1.4)-(1.6) the exact form.

When it can be applied, the exact form of the quadratic formula is obviously a more
efficient way to solve (1.1) than the general form; the disadvantage is that it requires the
rather restrictive condition of the relative primality of 2a and n. A question which thus
naturally occurs asks if (1.4) and (1.5) (but not necessarily (1.6)) can be used to solve (1.1)
without this condition, and if so, to determine precisely for which moduli n this can be done.
We will say that the intermediate form of the quadratic formula (IQF) is valid if (1.4) and
(1.5) completely solve (1.1). The purpose of this paper is to show that IQF can indeed hold
when 2a and n are not relatively prime and to characterize precisely the moduli for which it
is valid. The answer is given by Theorem 6.1 in Section 6 (see also Definition 3.4 in Section 
3) and is, at least to us, surprisingly subtle. Moreover, our methods are entirely elementary; 
indeed, everything required for our analysis (and much more!) is already contained in the 
Disquisitiones. 

We will now briefly describe the contents of the paper. In Section 2, we introduce notation 
and terminology (most of which is quite standard) that will be used throughout the sequel 
and state the results on which the rest of our work depends, the most essential of which is 
Gauss’ solution of the square-root problem. The analysis of IQF begins in Section 3, where it
is reduced to two statements relating the set of all solutions of (1.1) to the set of all solutions
of an associated congruence. Three results required for the study of these solution sets are 
also established. Necessary and sufficient conditions for the reduction in Section 3 to be valid 
are derived in Sections 4 and 5. Section 6 contains the main result, Theorem 6.1, which is 
an immediate consequence of the work of the previous three sections. Two corollaries for 
prime-power moduli are deduced from it, and some illustrative examples are also presented. 

2. Preliminaries 

We begin with some notation and terminology that will be used systematically throughout
the remainder of this paper. Let $\mathbb{Z}$ denote the set of integers, and $\mathbb{Z}^+$ the set of positive
integers. The symbol $\emptyset$ will denote the empty set. If p is a prime number and z is an integer,
we will let $\mu_p(z)$ denote the multiplicity of p in z, and take $\mu_p(z) = 0$ if p is not a factor of z.
If a and b are integers, then (a, b) will denote the greatest common divisor of a and b. For
$a, b, c \in \mathbb{Z}$, we set

$q(x) = ax^2 + bx + c,$

and let $d = b^2 - 4ac$ denote the discriminant of q(x).

If n is a positive integer, we will say that an integer a is a quadratic residue or non-residue
of n if the equation $x^2 \equiv a \bmod n$ either does, or does not, have a solution x in
$\mathbb{Z}$. The set of quadratic residues of n will be denoted by Q(n). The following proposition
will prove quite useful to us, and is a simple consequence of the difference-of-two-squares
factorization identity and the Chinese remainder theorem. We note here that in all of what
follows, a solution to a modular congruence will always mean a solution that is nonnegative
and minimal with respect to the relevant modulus, i.e., if n is the modulus and $\sigma$ is a solution,
then $0 \le \sigma < n$.

Proposition 2.1. If $k, l \in \mathbb{Z}^+$, $(k, l) = 1$, and $a \in \mathbb{Z}$, then $\sigma$ is a solution of $x^2 \equiv a \bmod (kl)$
if and only if there exist solutions $\kappa$ and $\lambda$ of $x^2 \equiv a \bmod k$ and $x^2 \equiv a \bmod l$, respectively,
such that $\sigma \equiv \kappa \bmod k$ and $\sigma \equiv \lambda \bmod l$.

Corollary 2.2. If $k, l \in \mathbb{Z}^+$ and $(k, l) = 1$, then

$Q(kl) = Q(k) \cap Q(l).$

Our study of the intermediate form of the quadratic formula will make essential use of
Gauss’ beautiful solution of the square-root problem as set forth in Disquisitiones Arithmeticae.
We will now describe this solution in detail.

Let p be a fixed prime, $k \in \mathbb{Z}^+$, $u \in \mathbb{Z}$. We suppose first that $u \in Q(p^k)$ and consider
solutions $\sigma$ of the congruence $x^2 \equiv u \bmod p^k$. In [1, article 104], we find these solutions
determined as follows:

I. Suppose first that u is not divisible by p. If p = 2 and k = 1 then $\sigma = 1$. If p is odd or
p = 2 = k then $\sigma$ has exactly two values $\pm\sigma_0$. Finally, if p = 2 and k > 2 then $\sigma$ has exactly
four values $\pm\sigma_0$ and $\pm\sigma_0 + 2^{k-1}$.

II. If u is divisible by p but not by $p^k$, let $2\mu = \mu_p(u)$ (which necessarily must be even
when $u \in Q(p^k)$) and let $u = u_1 p^{2\mu}$. Then $\sigma$ is given by the formula

$\sigma' p^{\mu} + i p^{k-\mu}, \quad i \in \{0, 1, \ldots, p^{\mu} - 1\},$

where $\sigma'$ varies over all solutions, determined according to I, of the congruence

$x^2 \equiv u_1 \bmod p^{k-2\mu}.$

III. If u is divisible by $p^k$, and if we set k = 2m or k = 2m − 1, depending on whether k
is even or odd, then $\sigma$ is given by the formula

$i p^m, \quad i \in \{0, \ldots, p^{k-m} - 1\}.$

If v is now an arbitrary modulus greater than 1 and $u \in Q(v)$, then the solutions $\sigma$ of
$x^2 \equiv u \bmod v$ are given precisely via the prime factorization $p_1^{\alpha_1} \cdots$ of v and Proposition
2.1 by the recipe

$\sigma \equiv u_i \bmod p_i^{\alpha_i},$

where $u_i$ is any solution, determined according to I, II, or III, of

$x^2 \equiv u \bmod p_i^{\alpha_i}, \quad i = 1, \ldots$

We will refer to all of this as Gauss’ solution of the square-root problem.

3. Analysis of IQF: the Initial Reduction 

In this section we determine a condition equivalent to the validity of IQF that relates the
solution set of $q(x) \equiv 0 \bmod n$ to the solution set of an auxiliary congruence. We also
establish some lemmas that will be used to study this relationship more closely.

Let a, b, c, and n be fixed integers with n > 1 and a nonzero. Let $d = b^2 - 4ac$ and
$q(x) = ax^2 + bx + c$. In all of what follows, the phrase “IQF is true” will mean that IQF is
true for the congruence $q(x) \equiv 0 \bmod n$. Completion of the square in q(x) shows that

(3.1) IQF is true if and only if for all $x \in \mathbb{Z}$, $4aq(x) \equiv 0 \bmod n$ if and
only if $q(x) \equiv 0 \bmod n$.

Now let $r = (a, n)$, $a_1 = a/r$, and k = multiplicity of 2 in n/r. Then $n = 2^k rm$, where
m is odd and $(a_1, 2^k m) = 1$. In particular, $a_1$ is odd if k > 0 and (2a, n) > 1 if and only if
either r > 1 or k > 0.

Lemma 3.1. Let $z \in \mathbb{Z}$. If k = 0, 1, or 2, then 4az is divisible by n if and only if z is
divisible by m. If $k \ge 3$, then 4az is divisible by n if and only if z is divisible by $2^{k-2} m$.

Proof. If $z \in \mathbb{Z}$ then 4az is divisible by n if and only if $4a_1 z$ is divisible by m if k = 0, $2a_1 z$
is divisible by m if k = 1, $a_1 z$ is divisible by m if k = 2, or $a_1 z$ is divisible by $2^{k-2} m$ if $k \ge 3$.
Since m is odd, $(a_1, m) = 1$, and $a_1$ is odd for k > 0, it follows that $(m, a_1) = (m, 2a_1) =
(m, 4a_1) = 1$, and $(2^{k-2} m, a_1) = 1$ if $k \ge 3$. The conclusions of the lemma are now simple
consequences of all of this. QED

Let

$Q = \begin{cases} \{x \in \mathbb{Z} : q(x) \equiv 0 \bmod m\}, & \text{if } k = 0, 1, \text{ or } 2, \\ \{x \in \mathbb{Z} : q(x) \equiv 0 \bmod 2^{k-2} m\}, & \text{if } k \ge 3, \end{cases}$

$T = \{x \in \mathbb{Z} : q(x) \equiv 0 \bmod n\}.$

It is now an immediate consequence of (3.1) and Lemma 3.1 that

IQF is true if and only if Q = T.

In light of this observation and the fact that $T \subseteq Q$, IQF will thus be valid if and only if
either

(3.2) $Q = \emptyset,$

or

(3.3) $\emptyset \ne Q = T.$

The derivation of necessary and sufficient conditions which guarantee the validity of (3.2) 
and (3.3) will be carried out in Sections 4 and 5, respectively. 
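The reduction above can be checked exhaustively for small parameters. The following Python sketch is an added illustration, not part of the paper: it computes T by brute force, the solution sets produced by the general form (1.2)-(1.3) and by the intermediate form (1.4)-(1.5), and the set Q through the modulus of Lemma 3.1. All function names are chosen here for illustration, and the sweep assumes a > 0.

```python
from math import gcd


def q(a, b, c, x):
    return a * x * x + b * x + c


def exact_solutions(a, b, c, n):
    """T reduced mod n: all x in [0, n) with q(x) ≡ 0 (mod n), by exhaustive search."""
    return {x for x in range(n) if q(a, b, c, x) % n == 0}


def square_roots(d, n):
    """All s in [0, n) with s^2 ≡ d (mod n)."""
    return {s for s in range(n) if (s * s - d) % n == 0}


def general_form_solutions(a, b, c, n):
    """(1.2)-(1.3): x with 2ax ≡ -b + s (mod 4an) for some s with s^2 ≡ d (mod 4an)."""
    big = 4 * abs(a) * n
    roots = square_roots(b * b - 4 * a * c, big)
    return {x for x in range(n) if (2 * a * x + b) % big in roots}


def iqf_solutions(a, b, c, n):
    """(1.4)-(1.5): x with 2ax ≡ -b + s (mod n) for some s with s^2 ≡ d (mod n)."""
    roots = square_roots(b * b - 4 * a * c, n)
    return {x for x in range(n) if (2 * a * x + b) % n in roots}


def iqf_valid(a, b, c, n):
    """IQF is valid exactly when (1.4)-(1.5) produce the solution set of (1.1)."""
    return iqf_solutions(a, b, c, n) == exact_solutions(a, b, c, n)


def reduction_modulus(a, n):
    """Modulus defining Q in Section 3, from n = 2^k * r * m with r = (a, n), m odd."""
    r = gcd(a, n)
    m, k = n // r, 0
    while m % 2 == 0:
        m, k = m // 2, k + 1
    return m if k <= 2 else 2 ** (k - 2) * m


def q_equals_t(a, b, c, n):
    """Compare Q and T as unions of residue classes mod n."""
    modulus = reduction_modulus(a, n)
    big_q = {x for x in range(n) if q(a, b, c, x) % modulus == 0}
    return big_q == exact_solutions(a, b, c, n)


def sweep(max_a, max_n):
    """Count parameter choices where the stated equivalences fail (expected: 0)."""
    failures = 0
    for n in range(2, max_n + 1):
        for a in range(1, max_a + 1):
            for b in range(n):
                for c in range(n):
                    t = exact_solutions(a, b, c, n)
                    if general_form_solutions(a, b, c, n) != t:
                        failures += 1  # general form must always recover T
                    if iqf_valid(a, b, c, n) != q_equals_t(a, b, c, n):
                        failures += 1  # "IQF is true iff Q = T"
    return failures


if __name__ == "__main__":
    # Constructed sample parameters (a, b, c, n), each with (2a, n) > 1.
    for params in [(1, 0, 0, 4), (3, 3, 0, 6), (1, 1, 1, 8)]:
        print(params, sorted(exact_solutions(*params)),
              sorted(iqf_solutions(*params)), iqf_valid(*params))
    print("failures in sweep:", sweep(3, 12))
```

For $x^2 \equiv 0 \bmod 4$ the intermediate form returns every residue while T = {0, 2}, so IQF fails; for $3x^2 + 3x \equiv 0 \bmod 6$ and $x^2 + x + 1 \equiv 0 \bmod 8$ it holds even though 2a and n share a factor.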

The following lemma will play a pivotal role in our analysis of (3.3) in Section 5. In order
to state it, we first let $u, v \in \mathbb{Z}^+$, with q(x) and d as specified at the beginning of this section.
If $\mathcal{S}_0$ (respectively, $\mathcal{S}_1$) denotes the set of all solutions of $x^2 \equiv d \bmod 4auv$ (respectively,
$x^2 \equiv d \bmod 4av$) that are pairwise incongruent mod 2auv (respectively, mod 2av), then we
set $\Sigma_i = \{\sigma \in \mathcal{S}_i : \sigma \equiv b \bmod 2a\}$, i = 0, 1. We note that $\Sigma_0$ (respectively, $\Sigma_1$) is uniquely
determined up to congruence mod 2auv (respectively, mod 2av).

Lemma 3.2. If $u, v \in \mathbb{Z}^+$, q(x) and d are as specified at the beginning of this section, $\Sigma_0$
and $\Sigma_1$ are as defined above,

$Q_0 = \{x \in \mathbb{Z} : q(x) \equiv 0 \bmod uv\},$

$Q_1 = \{x \in \mathbb{Z} : q(x) \equiv 0 \bmod v\},$ and

$S_i$ = the set of all elements of $Q_i$ minimal and nonnegative with respect to the
appropriate modulus, i = 0, 1,

then the following statements are equivalent:

(a) $\emptyset \ne Q_1 = Q_0$;

(b) $\emptyset \ne S_1$ and $S_0 = \{s + jv : s \in S_1,\ j \in \{0, \ldots, u - 1\}\}$;

(c) $\emptyset \ne \Sigma_1$ and for each $\sigma \in \Sigma_1$ and $j \in \{0, \ldots, u - 1\}$, there exists a $\sigma' \in \Sigma_0$ such that

$\sigma' \equiv \sigma + 2avj \bmod 2auv.$

Furthermore, if (2a, uv) = 1 and if

$\Sigma'_0$ = the set of all solutions of $x^2 \equiv d \bmod uv$,

$\Sigma'_1$ = the set of all solutions of $x^2 \equiv d \bmod v$,

then (a), (b), and (c) are equivalent to

(d) $\emptyset \ne \Sigma'_1$ and $\Sigma'_0 = \{\sigma + jv : \sigma \in \Sigma'_1,\ j \in \{0, \ldots, u - 1\}\}$.

Proof. (a) ⇒ (b) Let $S_2$ denote the set on the right-hand side of the equation in (b). Then
$S_2 \subseteq [0, uv)$. We have by (a) that

$S_2 \subseteq S_1 + v\mathbb{Z} = Q_1 = Q_0.$

But $S_1 + v\mathbb{Z} \subseteq S_2 + uv\mathbb{Z}$, hence

$Q_0 = Q_1 \subseteq S_2 + uv\mathbb{Z} \subseteq Q_0,$

i.e., $Q_0 = S_2 + uv\mathbb{Z}$, and (b) is an immediate consequence of this.

(b) ⇒ (a) Clearly $Q_1 \ne \emptyset$ and $Q_0 \subseteq Q_1$. Hence from (b), we obtain

$Q_1 = S_1 + v\mathbb{Z} \subseteq S_2 + uv\mathbb{Z} = S_0 + uv\mathbb{Z} = Q_0.$

(b) ⇒ (c) By the general form of the quadratic formula, the elements of $S_0$ (respectively,
$S_1$) consist precisely of the nonnegative minimal residues mod uv (respectively, mod v) of

$\frac{\sigma - b}{2a}, \quad \sigma \in \Sigma_0$ (respectively, $\sigma \in \Sigma_1$)

(here we mean ordinary division and not multiplication by an inverse relative to the modulus).
We evidently have $\Sigma_1 \ne \emptyset$, so let $\sigma \in \Sigma_1$ and $j \in \{0, \ldots, u - 1\}$. Then there exists $s \in S_1$
such that

$\frac{\sigma - b}{2a} \equiv s \bmod v,$

hence one may find $j' \in \{0, \ldots, u - 1\}$ such that

$\frac{\sigma - b}{2a} + jv \equiv s + j'v \bmod uv.$

Now from (b), $s + j'v \in S_0$, and so there is a $\sigma' \in \Sigma_0$ such that

$s + j'v \equiv \frac{\sigma' - b}{2a} \bmod uv.$

It now follows from (3.4) and (3.5) that

$\sigma' \equiv \sigma + 2avj \bmod 2auv.$

(c) ⇒ (b) Clearly $S_1 \ne \emptyset$. If $S_2$ is as it was before, then $S_0 \subseteq S_2$. In order to verify the
reverse inclusion take $s + jv \in S_2$ and find $\sigma \in \Sigma_1$, $j' \in \{0, \ldots, u - 1\}$ for which

$s + jv \equiv \frac{\sigma - b}{2a} + j'v \bmod uv.$

By (c), there exists $\sigma' \in \Sigma_0$ such that

$s + jv \equiv \frac{\sigma' - b}{2a} \bmod uv,$

and so $s + jv \in Q_0$. Since $0 \le s + jv < uv$, it follows that it must also be in $S_0$.

Next, suppose that (2a, uv) = 1. We will show that (b) is equivalent to (d). Since
(2a, uv) = 1, the exact form of the quadratic formula shows that there is a bijection between
$S_i$ and $\Sigma'_i$, i = 0, 1. If (b) is true, then $\Sigma'_0$ hence has the same cardinality as the set $\Sigma'_2$ on
the right-hand side of the equation in (d). But the inclusions

$\Sigma'_0 \subseteq \Sigma'_1 + v\mathbb{Z} \subseteq \Sigma'_2 + uv\mathbb{Z}$

hold, and so $\Sigma'_0 \subseteq \Sigma'_2$, since both sets are contained in [0, uv). Since $\Sigma'_0$ and $\Sigma'_2$ have the same
(finite) cardinality, they must hence be equal. An exchange of the roles of $S_i$ and $\Sigma'_i$, i = 0, 1
in this argument proves that (b) is a consequence of (d). QED

The next two results will provide us with the tools we need to derive conditions which 
insure the validity of (3.2). The first gives necessary and sufficient conditions for a quadratic 
congruence to have no solutions and the second is a quadratic residue calculation that will 
prove useful. 


Proposition 3.3. Let a, b, c, n, d and q(x) be as specified at the beginning of this section.
The congruence $q(x) \equiv 0 \bmod n$ has no solutions if and only if either

(a) d is a quadratic non-residue of 4an, or

(b) d is a quadratic residue of 4an and there exists a prime factor p of 2a with the following
properties: if $\alpha$ is the multiplicity of p in 4an and $\beta$ is the multiplicity of p in 2a, then

(i) $1 < \beta < \alpha$;

(ii) b is divisible by p and d is divisible by $p^2$;

(iii) if d is not divisible by $p^{\alpha}$, $2\mu$ is the multiplicity of p in d, $d = d_1 p^{2\mu}$ and $\Sigma$ is the set
of all solutions of $x^2 \equiv d_1 \bmod p^{\alpha - 2\mu}$, then

(3.6) $\sigma p^{\mu} + i p^{\alpha - \mu} \not\equiv b \bmod p^{\beta}, \quad \forall \sigma \in \Sigma,\ \forall i \in \{0, 1, \ldots, p^{\mu} - 1\};$

(iv) if d is divisible by $p^{\alpha}$ and s is chosen so that $\alpha = 2s$ if $\alpha$ is even or $\alpha = 2s - 1$ if $\alpha$
is odd, then

(3.7) $i p^{s} \not\equiv b \bmod p^{\beta}, \quad \forall i \in \{0, 1, \ldots, p^{\alpha - s} - 1\}.$

Proof. It follows from the general form of the quadratic formula that $q(x) \equiv 0 \bmod n$ has
no solutions if and only if either (a) is true or

(b)' $d \in Q(4an)$ and $y \not\equiv b \bmod 2a$ for every solution y of $x^2 \equiv d \bmod 4an$.

Prime factorization in concert with Proposition 2.1 shows that (b)' is equivalent to the
statement

(c) $d \in Q(4an)$ and there is a prime factor p of 2a with the following property: if $\alpha =
\mu_p(4an)$, $\beta = \mu_p(2a)$ then $y \not\equiv b \bmod p^{\beta}$ for every solution y of $x^2 \equiv d \bmod p^{\alpha}$.

Thus it suffices to show that (b) and (c) are equivalent, and since (b) obviously implies (c)
in light of Gauss’ solution to the square-root problem, we need only establish the converse.
We hence assume that (c) is true. Observe first that

(3.8) $b^2 \equiv d \bmod 4a.$

It follows that $\beta < \alpha$; otherwise (c) would be false. Suppose that p is odd. If p does not
divide b, it follows from (3.8) and [1, article 101] that there is a solution of $x^2 \equiv d \bmod p^{\alpha}$
that is congruent to b mod $p^{\beta}$, again contrary to (c). Hence b is divisible by p. Suppose that
p = 2 and b is odd. Then d is odd by (3.8), and so every solution y of $x^2 \equiv d \bmod 2^{\alpha}$ is
also odd. If $\beta = 1$ then $y \not\equiv b \bmod 2$ for all such y, i.e., y and b have opposite parity, which
they do not. Thus $\beta > 1$. Now $\mu_2(4a) = 1 + \beta > 2$, and, by (3.8), $d \in Q(2^{1+\beta})$. Hence
$d \equiv 1 \bmod 8$ [1, article 103] and so by (3.8) and [1, articles 88 and 103], there is a solution
of $x^2 \equiv d \bmod 2^{\alpha}$ that is congruent to b mod $2^{\beta}$, and hence (c) is contradicted yet again.
Thus b is even if p = 2. It follows that $p^2$ divides d, and so either (iii) or (iv) of (b) must
hold, each being simply a restatement of the conclusion of (c) using the explicit solutions of
$x^2 \equiv d \bmod p^{\alpha}$ that result from Gauss’ solution of the square-root problem. Suppose finally
that $\beta = 1$. Then we set i = 0 in either (3.6) or (3.7) to conclude that either $\sigma p^{\mu} \not\equiv 0 \bmod p$
or $b \not\equiv 0 \bmod p$, neither of which can be true, since p divides b and $\mu > 0$. Hence $\beta > 1$.
QED

Definition 3.4. If p is a prime number, $\alpha, \beta \in \mathbb{Z}^+$, and $b, d \in \mathbb{Z}$, then we will say that
$(p^{\alpha}, p^{\beta})$ forms a (b, d)-obstruction if either condition (b)(iii) or condition (b)(iv) in
Proposition 3.3 holds for p, $\alpha$, $\beta$, b, and d.

Lemma 3.5. Let a, n, m, and k be as specified at the beginning of this section.

(a) If k = 0, 1, or 2, then $Q(n) \cap Q(4a) = Q(4am)$;

(b) If $k \ge 3$, then $Q(n) \cap Q(4a) = Q(2^k am)$.

Proof. If $r = (a, n)$, $\rho = \mu_2(r)$, $a_1 = a/r$, and $\sigma = \mu_2(a_1)$, then we have the factorizations

$n = 2^{k+\rho} r_1 m, \quad 4a = 2^{\rho+\sigma+2} r_1 s_1,$

$2^{\varepsilon} am = 2^{\varepsilon+\rho+\sigma} r_1 s_1 m, \quad \varepsilon = 2 \text{ or } k,$

where m, $r_1$, and $s_1$ are all odd and $(m, s_1) = 1$. Using these facts, Corollary 2.2, and the
prime factorizations of n, 4a, and $2^{\varepsilon} am$, we can find a subset X of $\mathbb{Z}$ such that

(3.9) $Q(n) \cap Q(4a) = Q(2^{k+\rho}) \cap Q(2^{\rho+\sigma+2}) \cap X,$

(3.10) $Q(2^{\varepsilon} am) = Q(2^{\varepsilon+\rho+\sigma}) \cap X, \quad \varepsilon = 2 \text{ or } k.$

If $\varepsilon = 2$ and $k \le 2$, then

$Q(2^{k+\rho}) \cap Q(2^{\rho+\sigma+2}) = Q(2^{\rho+\sigma+2}),$

and so from (3.9) and (3.10) it follows that

$Q(n) \cap Q(4a) = Q(2^{\rho+\sigma+2}) \cap X = Q(4am).$

If $k \ge 3$ then n/r is even. Since $(a_1, n/r) = 1$, $a_1$ must be odd, and so $\sigma = 0$. If r is even,
then $\rho > 0$ and

$Q(2^{k+\rho}) \cap Q(2^{\rho+2}) = Q(2^{k+\rho}),$

and hence from (3.9) and (3.10) we obtain

$Q(n) \cap Q(4a) = Q(2^{k+\rho}) \cap X = Q(2^k am).$

If r is odd then $\rho = 0$, and so

$Q(n) \cap Q(4a) = Q(2^k) \cap Q(2^2) \cap X = Q(2^k) \cap X = Q(2^k am).$

QED

We close this section by noting that if $b^2 - 4ac$ is a quadratic non-residue of n, it is also
obviously a quadratic non-residue of 4an. It follows that both the general form and the
intermediate form of the quadratic formula will produce no solutions of $q(x) \equiv 0 \bmod n$,
and so IQF is true in this situation. We record this observation as

Lemma 3.6. Let d, n, and q(x) be as specified at the beginning of this section. If $d \notin Q(n)$
then IQF holds for $q(x) \equiv 0 \bmod n$.

4. $Q = \emptyset$

With Proposition 3.3 and Lemma 3.5 in hand, it is now a simple matter to determine
when $Q = \emptyset$.

Lemma 4.1. Let a, b, d, k, m, n, and Q be as defined at the beginning of Section 3. If
$d \in Q(n)$ then $Q = \emptyset$ if and only if there is a prime factor p of 2a such that if $\beta = \mu_p(2a)$
and

$\alpha = \begin{cases} \mu_p(4am), & \text{if } k = 0, 1, \text{ or } 2, \\ \mu_p(2^k am), & \text{if } k \ge 3, \end{cases}$

then $1 < \beta < \alpha$, b is divisible by p, d is divisible by $p^2$, and $(p^{\alpha}, p^{\beta})$ forms a (b, d)-obstruction.

Proof. By hypothesis, $d \in Q(n)$ and it is always the case that $d \in Q(4a)$, and so it follows
from Lemma 3.5 that $d \in Q(4am)$ if k = 0, 1, or 2, and $d \in Q(2^k am)$ if $k \ge 3$. The conclusion
of Lemma 4.1 is now a consequence of Proposition 3.3. QED

5. $\emptyset \ne Q = T$

We begin this section by deriving necessary conditions for $\emptyset \ne Q = T$ to be valid. We will
then prove that these conditions are also sufficient.

Lemma 5.1. Let a, b, c, m, n, r, k, q(x), Q, and T be as specified at the beginning of Section
3, and let $\delta = (m, r)$. If $\emptyset \ne Q = T$, then

(5.1) b and c are divisible by r,

and

(5.2) if k = 0, then $d/r^2 \in Q(m)$ and either $\delta = 1$ or $\delta$ is the product of distinct odd
primes $p_1, \ldots, p_t$, each prime $p_i$ has even multiplicity $m_i$ in m, and $d/r^2$ is divisible
by $p_1^{m_1} \cdots p_t^{m_t}$;

(5.3) if k = 1, then b/r is odd, either a/r or c/r is even, and $d/r^2$ and $\delta$ satisfy the
conditions specified for them in (5.2);

(5.4) if $k \ge 2$, then $r/\delta$ and k are odd, $k - 1 = \mu_2(d/r^2)$, $d/(r^2 2^{k-1}) \equiv 1 \bmod 8$, and
$d/r^2$ and $\delta$ satisfy the conditions specified for them in (5.2).

Proof. We begin with the verification of (5.1). Let $x \in Q$, and deduce from the assumption
Q = T that for all $z \in \mathbb{Z}$,

$q(x + zm) \equiv 0 \bmod 2^k rm$, if k = 0, 1, or 2,

or

$q(x + 2^{k-2} zm) \equiv 0 \bmod 2^k rm$, if $k \ge 3$,

from whence it follows that for all $z \in \mathbb{Z}$,

$\frac{q(x)}{m} + bz \equiv 0 \bmod r$, if k = 0, 1, or 2,

or

$\frac{q(x)}{2^{k-2} m} + bz \equiv 0 \bmod r$, if $k \ge 3$.

Thus r divides b and q(x) and so r also divides $c = q(x) - ax^2 - bx$.

If $a_1 = a/r$, $b_1 = b/r$, $c_1 = c/r$, $q_1(x) = a_1 x^2 + b_1 x + c_1$, $m_1 = m/\delta$, $r_1 = r/\delta$,
and $\rho = \mu_2(r_1)$, then a simple argument using the facts that $m_1$ and $r_1/2^{\rho}$ are odd and
= 1 confirms that if we set 

$Q_0 = \{x \in \mathbb{Z} : q_1(x) \equiv 0 \bmod 2^k m\},$

$Q_1 = \begin{cases} \{x \in \mathbb{Z} : q_1(x) \equiv 0 \bmod m_1\}, & \text{if } \rho \ge k - 2, \\ \{x \in \mathbb{Z} : q_1(x) \equiv 0 \bmod 2^{k-\rho-2} m_1\}, & \text{if } 0 \le \rho < k - 2, \end{cases}$

then $Q = Q_1$ and $T = Q_0$. Hence by hypothesis, these sets are all nonempty and equal.

We will now prove that (5.2), (5.3), or (5.4) is satisfied by dividing the remainder of the
argument into the three cases which are determined by the possible values of k.

Case I. Assume that k = 0. We wish to verify the conclusion of (5.2). In this case
$(2a_1, m) = 1$, and so it follows from the exact form of the quadratic formula and the fact
that $Q_0 \ne \emptyset$ that $d/r^2 \in Q(m)$. We next set $m_0 = m$,

$\Sigma_i$ = the set of all solutions of $x^2 \equiv d/r^2 \bmod m_i$, i = 0, 1,

and let $u = \delta$, $v = m_1$ in Lemma 3.2 to conclude from that lemma and the equality $Q_0 = Q_1$
that $\Sigma_0 \ne \emptyset \ne \Sigma_1$ and

$\Sigma_0 = \{\sigma + j m_1 : \sigma \in \Sigma_1,\ j \in \{0, \ldots, \delta - 1\}\}.$

If we now let $s_i$ = the cardinality of $\Sigma_i$, i = 0, 1, then $s_0 \ne 0 \ne s_1$ and

(5.5) $\delta s_1 = s_0.$

For the next step in our argument, we will use the formula pointed out by Gauss that
counts the number of solutions to the square-root problem. In order to state it, we let
$u, v \in \mathbb{Z}$ with v > 1 and $u \in Q(v)$, consider the congruence

(5.6) $x^2 \equiv u \bmod v,$

and let

$\gamma$ = the number of solutions of (5.6).

Suppose first that v is a power $p^{\ell}$ of the prime p. It follows from Gauss’ solution of the
square-root problem that

(a) If u is not divisible by p then $\gamma = 1$ if p = 2 and $\ell = 1$, $\gamma = 2$ if p is odd or $p = 2 = \ell$,
and $\gamma = 4$ if p = 2, $\ell > 2$;

(b) If p divides u and $p^{\ell}$ does not, let $2\mu = \mu_p(u)$ and set $u = u_1 p^{2\mu}$. Then $\gamma = p^{\mu}$, $2p^{\mu}$, or
$4p^{\mu}$ if the number of solutions of $x^2 \equiv u_1 \bmod p^{\ell - 2\mu}$ is, respectively, 1, 2, or 4;

(c) If u is divisible by $p^{\ell}$ and $[\cdot]$ denotes the greatest integer function, then $\gamma = p^{[\ell/2]}$.

If v is now an arbitrary modulus with prime factorization $p_1^{\alpha_1} \cdots p_s^{\alpha_s}$ and

$\gamma_i$ = the number of solutions to $x^2 \equiv u \bmod p_i^{\alpha_i}$,

where $\gamma_i$ is calculated according to (a), (b), or (c), i = 1, ..., s, then

$\gamma = \prod_{i=1}^{s} \gamma_i.$
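The counting formula can be compared against direct enumeration. The Python sketch below is an added illustration, not part of the paper: it evaluates cases (a), (b), and (c) for each prime power and multiplies the results. The paper's formula assumes $u \in Q(v)$; so that the function can return 0 for non-residues, the sketch adds the standard residue tests (Euler's criterion for odd p, and $u \equiv 1 \bmod 4$ or $\bmod 8$ for p = 2), and the function names are chosen here.

```python
def factorize(v):
    """Prime factorization of v > 1 by trial division: {prime: exponent}."""
    factors, p = {}, 2
    while p * p <= v:
        while v % p == 0:
            factors[p] = factors.get(p, 0) + 1
            v //= p
        p += 1
    if v > 1:
        factors[v] = factors.get(v, 0) + 1
    return factors


def count_unit(u, p, ell):
    """Case (a): u not divisible by p. Returns 0 when u is a non-residue of p^ell."""
    if p == 2:
        if ell == 1:
            return 1
        if ell == 2:
            return 2 if u % 4 == 1 else 0
        return 4 if u % 8 == 1 else 0
    # Odd p: Euler's criterion decides residuosity mod p, hence mod p^ell.
    return 2 if pow(u, (p - 1) // 2, p) == 1 else 0


def count_prime_power(u, p, ell):
    """Number of x in [0, p^ell) with x^2 ≡ u (mod p^ell)."""
    u %= p ** ell
    if u == 0:
        return p ** (ell // 2)            # case (c): gamma = p^[ell/2]
    exponent = 0
    while u % p == 0:
        u //= p
        exponent += 1
    if exponent == 0:
        return count_unit(u, p, ell)      # case (a)
    if exponent % 2:
        return 0                          # odd multiplicity: u is not a residue
    mu = exponent // 2
    # Case (b): gamma = p^mu * (number of roots of u_1 mod p^(ell - 2 mu)).
    return p ** mu * count_unit(u, p, ell - 2 * mu)


def count_square_roots(u, v):
    """gamma for x^2 ≡ u (mod v): product of the prime-power counts."""
    total = 1
    for p, ell in factorize(v).items():
        total *= count_prime_power(u, p, ell)
    return total


def brute_count(u, v):
    return sum(1 for x in range(v) if (x * x - u) % v == 0)


def mismatches(max_v):
    """Number of (u, v) with 2 <= v <= max_v, 0 <= u < v, where the two counts differ."""
    return sum(1 for v in range(2, max_v + 1) for u in range(v)
               if count_square_roots(u, v) != brute_count(u, v))


if __name__ == "__main__":
    # Constructed sample inputs (u, v).
    for u, v in [(4, 16), (1, 8), (9, 27), (0, 72), (3, 4)]:
        print(u, v, count_square_roots(u, v), brute_count(u, v))
    print("mismatches up to 150:", mismatches(150))
```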

We next make three observations that will be of use to us momentarily:

(5.7) if p is an odd prime factor of v which does not divide u then p is not a factor of $\gamma$;

(5.8) if p is an odd prime factor of v which divides u then $\mu_p(\gamma) < \mu_p(v)$;

(5.9) every odd prime factor of $\gamma$ is a factor of v.

If p is a prime factor of $\gamma$ then the multiplicity of p in $\gamma$ will be called the counting multiplicity
of p with respect to u and v.

Consider now the prime factors of m. We divide them respectively into three sets $P_1$, $P_2$,
and $P_3$: the prime factors of $\delta$ that are not factors of $m_1$, the common prime factors of $\delta$ and
$m_1$, and the prime factors of $m_1$ that are not factors of $\delta$.

Assume that $\delta > 1$. Let p be a fixed prime factor of $\delta$. We will use the Gauss counting
formula and equation (5.5) to analyze the multiplicity $\alpha$ of p in $\delta$.

Begin by noting that p is odd and a factor of the left-hand side of (5.5), hence also a factor
of the right-hand side. We conclude by observation (5.7) that $d/r^2$ is divisible by p.

Suppose next that $p \in P_1$. Then p is not a factor of $m_1$ and so $\alpha = \mu_p(m)$. Since p is
odd and not a factor of $m_1$, it follows from observation (5.9) that p is not a factor of $s_1$.
Hence $\alpha = \mu_p(\delta s_1)$. If $\mu(p)$ is the counting multiplicity of p with respect to $d/r^2$ and m then
$\mu(p) = \mu_p(s_0)$. It follows that $\mu(p) = \alpha = \mu_p(m)$, and this contradicts observation (5.8). We
conclude that $P_1$ is empty.

Suppose that $p \in P_2$. If $\beta = \mu_p(m_1)$ then $\alpha + \beta = \mu_p(m)$. If $\mu'(p)$ denotes the counting
multiplicity of p with respect to $d/r^2$ and $m_1$, it follows from (5.5) that

(5.10) $\alpha + \mu'(p) = \mu(p).$

If $p^{\beta}$ does not divide $d/r^2$, and if $2\mu = \mu_p(d/r^2)$, then $\mu'(p) = \mu = \mu(p)$, which is not possible
by (5.10). Hence $p^{\beta}$ divides $d/r^2$, and so $\mu'(p) = [\beta/2]$. If $p^{\alpha+\beta}$ does not divide $d/r^2$ then
$\mu(p) = \mu$. Now $2\mu$ does not exceed the largest even integer less than $\alpha + \beta$, hence

T 


P < 


a 

L2J 


Thus by (5.10), 


a < 


+ 


a 

L2 


and no positive integer can satisfy this inequality. We conclude that $d/r^2$ is divisible by
$p^{\alpha+\beta}$. Hence $\mu(p) = [(\alpha + \beta)/2]$, and so by (5.10),

$\alpha + \left[\frac{\beta}{2}\right] = \left[\frac{\alpha + \beta}{2}\right].$

This equation implies that $\alpha = 1$ and $\beta$ is odd, and so p has even multiplicity in m. Hence
$\delta$ is the product of distinct odd primes, every prime factor p of $\delta$ has even multiplicity m(p)
in m, and $d/r^2$ is divisible by

$\prod_{p \in P_2} p^{m(p)},$

i.e., (5.2) is true.

Case II. We next suppose that k = 1 and seek to verify the conclusion of (5.3). Take
$u = 2\delta$, $v = m_1$ in Lemma 3.2, let $S_i$, $\Sigma_i$, i = 0, 1 be as defined in that lemma with this
choice of u and v, and thus conclude from the equality of $Q_0$ and $Q_1$ that $S_i$, $\Sigma_i$, i = 0, 1
are nonempty and

(5.11) $S_0 = \{s + j m_1 : s \in S_1,\ j \in \{0, 1, \ldots, 2\delta - 1\}\}.$

It follows that $d/r^2 \in Q(8a_1 m)$, and so $d/r^2 \in Q(m)$, and from (5.11) and the fact that
the cardinality of $S_i$ and $\Sigma_i$ are the same for i = 0, 1, it also follows that

(5.12) cardinality of $\Sigma_0$ = $2\delta$ (cardinality of $\Sigma_1$).

Since $a_1$ and m are odd and $(a_1, m) = 1$, it is a consequence of Proposition 2.1 and the
definition of $\Sigma_0$ that the elements of $\Sigma_0$ are obtained precisely as the simultaneous solutions
$\sigma$ of

$\sigma \equiv \tau \bmod 8,$
$\sigma \equiv \alpha \bmod a_1,$
$\sigma \equiv \mu \bmod m,$

where $\tau$ varies over all solutions of

(5.13) $\tau^2 \equiv \frac{d}{r^2} \bmod 8$

that are pairwise incongruent mod 4, $\alpha$ varies independently over all solutions of

(5.14) $\alpha^2 \equiv \frac{d}{r^2} \bmod a_1$

which also satisfy

(5.15) $\alpha \equiv b_1 \bmod a_1,$

and $\mu$ varies independently over all solutions of

(5.16) $\mu^2 \equiv \frac{d}{r^2} \bmod m.$

We note that if $d/r^2$ is even then there is exactly one such solution $\tau$, if $d/r^2$ is odd there are
exactly two such solutions, and that $b_1$ always determines a solution of (5.14) and (5.15).

The same reasoning shows that the elements of $\Sigma_1$ consist precisely of the simultaneous
solutions $\sigma$ of

$\sigma \equiv \tau \bmod 4,$
$\sigma \equiv \alpha \bmod a_1,$
$\sigma \equiv \mu \bmod m_1,$

where $\tau$ varies over all solutions of

(5.17) $\tau^2 \equiv \frac{d}{r^2} \bmod 4$

that are pairwise incongruent mod 2, of which there is only one such solution, $\alpha$ varies
independently over all solutions of (5.14) and (5.15), and $\mu$ varies independently over all
solutions of

(5.18) $\mu^2 \equiv \frac{d}{r^2} \bmod m_1.$

It hence follows from (5.12) that if

t = cardinality of the set of all solutions of (5.13) that are pairwise incongruent mod 4,

$s_0$ = cardinality of the set of all solutions of (5.16),

$s_1$ = cardinality of the set of all solutions of (5.18),

then

(5.19) $2\delta s_1 = t s_0.$

Assume that $\delta > 1$. Since t is either 1 or 2, it follows that the analysis of $\delta$ that was
carried out in the proof of (5.2) can also be done here, with (5.19) in place of (5.5), to show
that $\delta$ and $d/r^2$ satisfy the conditions as specified for them in the conclusion of (5.2). But
then $\delta s_1 = s_0$, hence t = 2, and so $d/r^2$ must be odd. Since $d/r^2 \in Q(8)$, it hence follows
that

$b_1^2 - 4a_1 c_1 = \frac{d}{r^2} \equiv 1 \bmod 8,$

and thus $b_1$ is odd and either $a_1$ or $c_1$ is even. If $\delta = 1$ then $s_1 = s_0$, hence t = 2, and we
conclude as before that $b_1$ is odd and either $a_1$ or $c_1$ is even in this case as well. We have
verified (5.3).

Case III. Assume now that $k \ge 2$, and suppose first, by way of contradiction, that
$\rho \ge k - 2$. Let $u = 2^k \delta$, $v = m_1$ in Lemma 3.2 to conclude as before that if $\Sigma_i$, i = 0, 1 are
defined as in that lemma with this choice of u and v, then these sets are nonempty,

(5.20) cardinality of $\Sigma_0$ = $2^k \delta$ (cardinality of $\Sigma_1$),

and if $e_0 = k + 2$, $e_1 = 2$, and $m_0 = m$, then the elements of $\Sigma_i$ are given by the simultaneous
solutions of

$\sigma \equiv \tau \bmod 2^{e_i},$
$\sigma \equiv \alpha \bmod a_1,$
$\sigma \equiv \mu \bmod m_i,$

where $\tau$ varies over all solutions of

(5.21) $\tau^2 \equiv \frac{d}{r^2} \bmod 2^{e_i}$

that are pairwise incongruent mod $2^{e_i - 1}$, $\alpha$ varies independently over all solutions of (5.14)
and (5.15), and $\mu$ varies independently over all solutions of

(5.22) $\mu^2 \equiv \frac{d}{r^2} \bmod m_i, \quad i = 0, 1.$

If $s_0$ and $s_1$ are defined as in the proof of (5.3) and

$c_0$ = cardinality of the set of all solutions of (5.21) with i = 0 that are pairwise
incongruent mod $2^{k+1}$,

then by (5.20),

(5.23) $2^k \delta s_1 = c_0 s_0.$


Our strategy here, as before, is to employ a counting argument which exploits (5.23). This
requires the calculation of $c_0$. To that end, we first assert that 4 must divide $d/r^2$. In order
to see that, let $x \in Q_1$ and deduce from the fact that $Q_0 = Q_1$ that

(5.24) $q_1(x + z m_1) \equiv 0 \bmod 2^k m, \quad \forall z \in \mathbb{Z}.$

If we now use the fact that $q_1(x) \equiv 0 \bmod 2^k m$ ($x \in Q_0$!) and take z = 2 in (5.24), we obtain
the congruence

$2a_1 x + b_1 + 2a_1 m_1 \equiv 0 \bmod 2,$

i.e., $2a_1 x + b_1$ is even. Since

$(2a_1 x + b_1)^2 \equiv \frac{d}{r^2} \bmod 4a_1 m_1,$

$d/r^2$ is hence divisible by 4.

Suppose now that $2^{k+2}$ does not divide $d/r^2$. If $2\mu = \mu_2(d/r^2)$, it is a straightforward
consequence of Gauss’ solution to the square-root problem that if $d/r^2 = d_1 \cdot 2^{2\mu}$, then the
solutions of (5.21) for i = 0 that are pairwise incongruent mod $2^{k+1}$ can be taken to be

(5.25) $\eta \cdot 2^{\mu} + s \cdot 2^{k+2-\mu}, \quad s \in \{0, \ldots, 2^{\mu-1} - 1\},$

where $\eta$ varies over all solutions of

(5.26) $\eta^2 \equiv d_1 \bmod 2^{k+2-2\mu}.$

Hence

$c_0 = \varepsilon \cdot 2^{\mu-1},$

where $\varepsilon$ = 1, 2, or 4, depending on whether (5.26) has, respectively, 1, 2, or 4 solutions. Thus
by (5.23),

(5.27) $2^k \delta s_1 = \varepsilon \cdot 2^{\mu-1} s_0.$

If $\delta = 1$ then $s_0 = s_1$ and we obtain

(5.28) $2^k = \varepsilon \cdot 2^{\mu-1}.$

If $\delta > 1$, we reason from (5.27) as in the proof of (5.3) to conclude that $\delta s_1 = s_0$, and so we
obtain (5.28) in this instance as well.

From (5.28) it follows that $k = \mu - 1$, $\mu$, or $\mu + 1$. But each of these alternatives will occur
if and only if $k + 2 - 2\mu = 1$, $k + 2 - 2\mu = 2$ or $k + 2 - 2\mu \ge 3$, respectively, and so they can
occur only if $\mu = 0$, which is not possible.

We conclude that $d/r^2$ is divisible by $2^{k+2}$. Hence if t is chosen so that k + 2 = 2t or 2t − 1,
depending on the parity of k + 2, then the solutions of (5.21) with i = 0 which are pairwise
incongruent mod $2^{k+1}$ can be taken to be

$s \cdot 2^t, \quad s \in \{0, 1, \ldots, 2^{k+1-t} - 1\}.$

Hence $c_0 = 2^{k+1-t}$ in this case, and so by (5.23),

$2^k \delta s_1 = 2^{k+1-t} s_0.$

By use of the same argument as before, this equation will be true only if t — 1, i.e., k = 0, 
contrary to hypothesis. 
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It follows that p < k—2. This situation now requires that we take u = 2 p+2 5, v = 2 k p 2, mi 
in Lemma 3.2, define So and Si as per that choice, note that So ^ 0 ^ Si, 

(5.29) cardinality of So = 2 P+2 8 (cardinality of Si), 

(5.30) for each o G Si and j G {0,1,..., 2 P+2 S — 1}, there exists o' G S 0 such that 

o' = o + 2 k ~ p ~ 1 a\m\j mod 2 fe+1 aim, 

and that the elements of S 0 and Si are given by the simultaneous solutions of the same 
congruences as before via (5.14), (5.15), (5.21), and (5.22), with e 0 = k + 2 and e\ = k — p. 
If Si is defined as before and 

Cj = cardinality of the set of all solutions of (5.21) that are pairwise incon- 
gruent mod 2 ei-1 ,i = 0,1, 
then we obtain via (5.29) that 

(5.31) 2 p+2 5c 1 s 1 = c 0 s 0 . 

We check that $d/r^2$ is still divisible by 4, and if we suppose that $2^{k-\rho}$ does not divide $d/r^2$, then straightforward modification of our previous reasoning shows that if $2\mu = \mu_2(d/r^2)$ then

$c_0 = 2^{\mu+1}, \quad c_1 = \varepsilon \cdot 2^{\mu-1},$

where $\varepsilon = 1$, $2$, or $4$. We hence conclude from (5.31) that $2^{\rho}\varepsilon = 1$, i.e., $\rho = 0$ and $\varepsilon = 1$, in which case $k = 2\mu + 1$. It follows that

(5.32) if $2^{k-\rho}$ does not divide $d/r^2$ then $\rho = 0$, $k$ is odd, and $k - 1 = \mu_2(d/r^2)$.

Suppose next that $d/r^2$ is divisible by $2^{k+2}$. Then $d/r^2$ is also divisible by $2^{k-\rho}$, and so if we choose $k + 2$ (respectively, $k - \rho$) $= 2s$ or $2s - 1$ (respectively, $2t$ or $2t - 1$), according to the relevant parities, we find that

$c_0 = 2^{k-s+1}, \quad c_1 = 2^{k-\rho-t-1},$

hence from (5.31) it follows that $s = t$, obviously impossible. Thus

(5.33) $d/r^2$ is not divisible by $2^{k+2}$.

We can now prove that $\rho = 0$, $k$ is odd, and $k - 1 = \mu_2(d/r^2)$. In light of (5.32) this will be done by showing that $2^{k-\rho}$ does not divide $d/r^2$. In order to do that, we observe first that from (5.30) it follows that

(5.34) for each element $\tau$ of the set of solutions of (5.21) with $i = 1$ and $e_1 = k - \rho$ that are pairwise incongruent mod $2^{k-\rho-1}$ and $j \in \{0, 1, \dots, 2^{\rho+2}\delta - 1\}$, there exists an element $\tau'$ from the set of solutions of (5.21) with $i = 0$ and $e_0 = k + 2$ that are pairwise incongruent mod $2^{k+1}$ and $t \in \{0, 1, \dots, 2^{\rho+1} - 1\}$ such that

$\tau' \equiv \tau + t \cdot 2^{k-\rho} + 2^{k-\rho-1} a_1 m_1 j \bmod 2^{k+1}.$

Suppose now that $d/r^2$ is divisible by $2^{k-\rho}$. Then if $k - \rho = 2w$ or $2w - 1$, the solutions of (5.21) with $i = 1$ as in (5.34) can be taken to be

(5.35) $s \cdot 2^{w}, \quad s \in \{0, \dots, 2^{k-\rho-w-1} - 1\}.$

By virtue of (5.33), if $2\mu = \mu_2(d/r^2)$ and $d/r^2 = d_1 \cdot 2^{2\mu}$, then the solutions of (5.21) with $i = 0$ as in (5.34) can be taken as in (5.25) and (5.26).

Assume first that $\mu < k - \rho$. If we set $s = 0$ in (5.35) and $j = 2^{\rho+1}$ in (5.34), then we find $\eta$ as in (5.26) and integers $t$ and $u$ such that

(5.36) $t \cdot 2^{k-\rho-\mu} + 2^{k-\mu} a_1 m_1 \equiv \eta + u \cdot 2^{k+2-2\mu} \bmod 2^{k+1-\mu}.$

Now it follows from (5.31) that $k - \mu \ge w - 2$. Since $k - \rho > 2$, $w$ must be at least 2, hence $k - \mu \ge 0$. But $k \neq \mu$ since $\rho$ is nonnegative. We thus conclude from (5.36) that $\eta$ is even, hence by (5.26) so is $d_1$, contradicting the fact that $2\mu = \mu_2(d/r^2)$.

We conclude that $k - \rho \le \mu$. If $k - \rho \ge 4$ then we can take $s = 1$ in (5.35) and $j = 0$ in (5.34) to find integers $\eta$, $t$, and $u$ so that

$1 + t \cdot 2^{k-\rho-w} \equiv 2^{\mu-w} \cdot \eta + u \cdot 2^{k+2-\mu-w} \bmod 2^{k+1-w}.$

Since $\mu \ge 2w - 1$, $k + 2 - \mu > \mu$, $k - \rho - w \ge w - 1$, $k + 1 - w \ge w$ and $w \ge 2$, this congruence yields another contradiction. Finally, if $k - \rho = 3$, we must take $s = 0$ in (5.35) and so if we choose $j = 1$ in (5.34), we obtain integers $\eta$, $t$, and $u$ for which

$2t + a_1 m_1 \equiv 2^{\mu-2} \cdot \eta + u \cdot 2^{k-\mu} \bmod 2^{k-1}.$

Because $w = 2$, we have $\mu \ge 3$ and $k - \mu \ge \mu - 1 \ge 2$, and since $a_1 m_1$ is odd, this congruence also is impossible. It follows that $2^{k-\rho}$ does not divide $d/r^2$.

Because $\rho = 0$, $k$ is odd, and $k - 1 = \mu_2(d/r^2)$, it follows from (5.31) that $\delta s_1 = s_0$ and so $\delta$ and $d/r^2$ satisfy the conditions specified in (5.2).

Finally, we deduce from the fact that $Q_0 \neq \emptyset$ that $d/r^2 \in Q(2^{k+2} a_1 m)$, hence in particular, $d/r^2 \in Q(m) \cap Q(2^k)$. Now, as Gauss points out in [1, articles 102 and 103], the even integers in $Q(2^k)$ consist precisely of 0 and the integers $z$ which satisfy the following conditions: if $\mu = \mu_2(z)$ then either $\mu \ge k$ or $\mu$ is even, $0 < \mu < k$, and $z/2^{\mu} \equiv 1 \bmod 8$. As $k$ is odd, $k - 1 = \mu_2(d/r^2)$, and $d/r^2 \in Q(2^k)$, it hence follows that $d/(r^2 \cdot 2^{k-1}) \equiv 1 \bmod 8$. We have verified (5.4). QED

We now state and prove the converse of Lemma 5.1, after retaining the notation as specified in the statement of that lemma.

Lemma 5.2. If condition (5.1) holds and either $k = 0$ and the conclusion of (5.2) holds, or $k = 1$ and the conclusion of (5.3) holds, or $k \ge 2$ and the conclusion of (5.4) holds, then $\emptyset \neq Q = T$.

Proof. Suppose (5.1) is true. If $Q_0$ and $Q_1$ are defined as before then $Q = Q_1$ and $T = Q_0$, and so under each of the hypotheses in Lemma 5.2, we must prove that

(5.37) $\emptyset \neq Q_1 = Q_0.$

As in the proof of Lemma 5.1, we divide the reasoning into the cases which are determined by the possible values of $k$.

Case IV. Assume to begin with that $k = 0$ and the conclusion of (5.2) is true. Because $(2a_1, m) = 1$ and $d/r^2 \in Q(m)$, we conclude from the exact form of the quadratic formula that $Q_0 \neq \emptyset \neq Q_1$.

If $\delta = 1$ then $m = m_1$, and so (5.37) is trivially true. Hence assume that $\delta > 1$; then $\delta$ also satisfies the conditions as specified in (5.2). Letting $\Sigma_0$ and $\Sigma_1$ be defined as before in this case, we have that $\Sigma_0 \neq \emptyset \neq \Sigma_1$, hence we must prove, by virtue of Lemma 3.2, that

(5.38) $\Sigma_0 = \{\sigma + j m_1 : \sigma \in \Sigma_1,\ j \in \{0, \dots, \delta - 1\}\}.$

Since $\Sigma_0$ is clearly contained in the set on the right-hand side of (5.38), we need only verify the reverse inclusion.

Let $p_1^{\beta_1} \cdots p_t^{\beta_t}$ be the prime factorization of $m_1$. It follows from the conditions satisfied by $\delta$ that $m$ and $m_1$ have the same prime factors, and if $p_1^{\alpha_1} \cdots p_t^{\alpha_t}$ is the prime factorization of $m$, then whenever $p_i$ is a common prime factor of $\delta$ and $m_1$, we have that $\alpha_i$ is even, $\beta_i = \alpha_i - 1$ and $p_i^{\alpha_i}$ divides $d/r^2$, and whenever $p_i$ is a factor of $m_1$ that is not a factor of $\delta$, then $\alpha_i = \beta_i$. As in the proof of Lemma 5.1, let $P_2$ and $P_3$ denote, respectively, the set of common prime factors of $\delta$ and $m_1$ and the set of prime factors of $m_1$ which are not factors of $\delta$.

Let $\sigma \in \Sigma_1$ and $j \in \{0, 1, \dots, \delta - 1\}$; we will find $\sigma' \in \Sigma_0$ such that

(5.39) $\sigma' \equiv \sigma + j m_1 \bmod m.$

In order to do that, we first find a solution $x_i$ of $x^2 \equiv d/r^2 \bmod p_i^{\beta_i}$ such that

(5.40) $\sigma \equiv x_i \bmod p_i^{\beta_i}, \quad i = 1, \dots, t.$

Next, for each prime $p_i \in P_2$, we find $q_i \in \mathbb{Z}$ such that

(5.41) $\sigma \equiv x_i + q_i p_i^{\beta_i} \bmod p_i^{\alpha_i}.$

We now claim that

(5.42) for each $p_i \in P_2$, there exists a solution $x_i'$ of $x^2 \equiv d/r^2 \bmod p_i^{\alpha_i}$ such that

$x_i' \equiv x_i + q_i p_i^{\beta_i} + j m_1 \bmod p_i^{\alpha_i}.$

If (5.42) is true then we find $\sigma' \in \Sigma_0$ such that

(5.43) $\sigma' \equiv x_i' \bmod p_i^{\alpha_i}$, if $p_i \in P_2$,

(5.44) $\sigma' \equiv x_i \bmod p_i^{\alpha_i}$, if $p_i \in P_3$.

After observing that $m_1$ is divisible by $p_i^{\alpha_i}$ whenever $p_i \in P_3$, it follows from (5.40)-(5.44) that

$\sigma' \equiv \sigma + j m_1 \bmod p_i^{\alpha_i}, \quad i = 1, \dots, t,$

and this yields (5.39).

In order to establish (5.42), we fix $p_i = p \in P_2$, set $q = q_i$ and let $\alpha_i = 2s$, $\beta_i = 2s - 1$. Since $d/r^2$ is divisible by $p^{2s}$, the solutions of $x^2 \equiv d/r^2 \bmod p^{2s}$ and $x^2 \equiv d/r^2 \bmod p^{2s-1}$ are given, respectively, by

(5.45) $\{i p^s : i \in \{0, 1, \dots, p^s - 1\}\},$

(5.46) $\{i p^s : i \in \{0, \dots, p^{s-1} - 1\}\}.$

Let $i \in \{0, \dots, p^{s-1} - 1\}$. Then in view of (5.45) and (5.46), (5.42) will be true if we can find $v \in \{0, 1, \dots, p^s - 1\}$ such that

(5.47) $i p^s + q p^{2s-1} + j m_1 \equiv v p^s \bmod p^{2s}.$

But that can be done by first observing that $m_1$ is divisible by $p^s$, and so there is a $u \in \mathbb{Z}$ such that

(5.48) $m_1 \equiv u p^s \bmod p^{2s}.$

Now simply choose $v \in \{0, 1, \dots, p^s - 1\}$ such that

$i + q p^{s-1} + j u \equiv v \bmod p^s,$

multiply this congruence by $p^s$, and substitute (5.48) into the congruence that results to obtain (5.47). This verifies (5.38).

Case V. Suppose next that $k = 1$ and the conclusions of (5.3) are true. Since $b_1$ is odd and either $a_1$ or $c_1$ is even, it follows that $d/r^2 \equiv 1 \bmod 8$, hence $d/r^2 \in Q(8)$. Since by hypothesis we also have that $d/r^2 \in Q(m)$, and $b_1$ determines a solution of (5.14) and (5.15), it is a consequence of the recipe for the construction of the elements of $\Sigma_0$ and $\Sigma_1$ for this case that $\Sigma_0 \neq \emptyset \neq \Sigma_1$. In order to verify (5.37), we must, as per Lemma 3.2, show that for each $\sigma \in \Sigma_1$ and $j \in \{0, 1, \dots, 2\delta - 1\}$, there exists $\sigma' \in \Sigma_0$ such that

$\sigma' \equiv \sigma + 2 a_1 m_1 j \bmod 4 a_1 m,$

and this will hold if we in turn prove that

(5.49) for each element $\tau$ from the set of solutions of (5.17) that are pairwise incongruent mod 2 and each $j \in \{0, 1, \dots, 2\delta - 1\}$, there exists an element $\tau'$ from the set of solutions of (5.13) that are pairwise incongruent mod 4 such that

$\tau' \equiv \tau + 2 a_1 m_1 j \bmod 4,$

and

(5.50) for each solution $\mu$ of (5.18) and $j \in \{0, 1, \dots, 2\delta - 1\}$, there exists a solution $\mu'$ of (5.16) such that

$\mu' \equiv \mu + 2 a_1 m_1 j \bmod m.$

It follows from the hypothesis on $\delta$ and our previous reasoning that (5.50) is valid. In order to verify (5.49), we first observe that $d/r^2$ is odd, hence in (5.49) $\tau$ is either 1 or 3 and $\tau'$ is either 1 or 3, 1 or 7, 3 or 5, or 5 or 7. Thus for any allowable $\tau$ and $j$,

$\tau + 2 a_1 m_1 j \equiv 1 \text{ or } 3 \bmod 4,$

and so there is an appropriate $\tau'$ which makes (5.49) true.

Case VI. Suppose finally that $k \ge 2$ and the conclusion of (5.4) is true. Because $k$ is odd, $k - 1 = \mu_2(d/r^2)$, and $d/(r^2 \cdot 2^{k-1}) \equiv 1 \bmod 8$, it follows that $d/r^2 \in Q(2^{k+2})$. This together with the assumption $d/r^2 \in Q(m)$ implies that $\Sigma_0 \neq \emptyset \neq \Sigma_1$ in this case. Hence we must prove that for each $\sigma \in \Sigma_1$ and $j \in \{0, 1, \dots, 4\delta - 1\}$, there exists $\sigma' \in \Sigma_0$ such that

$\sigma' \equiv \sigma + 2^{k-1} a_1 m_1 j \bmod 2^{k+1} a_1 m,$

and this in turn will be so if (5.50) holds with $4\delta$ and $2^{k-1} a_1 m_1 j$ in place of $2\delta$ and $2 a_1 m_1 j$, respectively, and if

(5.51) for each $\varepsilon \in \{0, 1\}$, for each $j \in \{0, 1, \dots, 4\delta - 1\}$, and for each element $\tau$ from the set of solutions of (5.21) with $i = 1$ and $e_1 = k$ that are pairwise incongruent mod $2^{k-1}$, there exists an element $\tau'$ from the set of solutions of (5.21) with $i = 0$ and $e_0 = k + 2$ that are pairwise incongruent mod $2^{k+1}$ such that

$\tau' \equiv \tau + \varepsilon \cdot 2^{k} + 2^{k-1} a_1 m_1 j \bmod 2^{k+1}.$

But (5.50) as modified holds by the same reasoning as before, so we need only verify (5.51). To that end, let $2\mu = \mu_2(d/r^2)$, $d_1 = d/(2^{2\mu} r^2)$, and so $k = 2\mu + 1$. Verification of (5.51) requires showing that for each $i \in \{0, \dots, 2^{\mu-1} - 1\}$, $\varepsilon \in \{0, 1\}$, and $j \in \{0, 1, \dots, 4\delta - 1\}$, there is an $s \in \{0, \dots, 2^{\mu-1} - 1\}$ and a solution $\eta$ of $\eta^2 \equiv d_1 \bmod 8$ such that

(5.52) $2^{\mu} + i \cdot 2^{\mu+1} + \varepsilon \cdot 2^{2\mu+1} + 2^{2\mu} a_1 m_1 j \equiv \eta \cdot 2^{\mu} + s \cdot 2^{\mu+3} \bmod 2^{2\mu+2}.$

Because $d_1 \equiv 1 \bmod 8$, $\eta$ can be either 1, 3, 5, or 7, hence this congruence will be satisfied for $i$, $\varepsilon$, $j$, $s$, and $\eta$ as specified if there exist an $s$ as specified and $\eta' \in \{0, 1, 2, 3\}$ such that

$i + \varepsilon \cdot 2^{\mu} + 2^{\mu-1} a_1 m_1 j \equiv \eta' + 4s \bmod 2^{\mu+1}.$

Observe now that as $\eta'$ and $s$ vary independently over all elements of

$\{0, 1, 2, 3\}$ and $\{0, \dots, 2^{\mu-1} - 1\}$,

respectively, $\eta' + 4s$ varies over all elements of $\{0, 1, \dots, 2^{\mu+1} - 1\}$, and this last set is a complete set of residues mod $2^{\mu+1}$. If $i$, $\varepsilon$, and $j$ are chosen as specified it thus follows that an appropriate $\eta$ and $s$ can be found so that (5.52) is true. Hence (5.37) is also true. QED


6. The Main Theorem, Corollaries, and Examples 

Lemmas 3.6, 4.1, 5.1, and 5.2 now supply a proof of the following theorem, the principal 
result of this paper. 


Theorem 6.1. Let $a, b, c, n \in \mathbb{Z}$, with $n \ge 2$ and $a$ not divisible by $n$. If $r = (a, n)$, $k$ = multiplicity of 2 in $n/r$, $m = n/(2^k r)$, $\delta = (m, r)$, and $d = b^2 - 4ac$ then IQF is valid for

$ax^2 + bx + c \equiv 0 \bmod n$

if and only if either

(a) $d$ is a quadratic non-residue of $n$, or

(b) $d$ is a quadratic residue of $n$ and exactly one of the following mutually exclusive conditions holds:

(i) there exists a prime factor $p$ of $2a$ such that if $\beta$ = multiplicity of $p$ in $2a$ and

$\alpha = \begin{cases} \text{multiplicity of } p \text{ in } 4am, & \text{if } k = 0, 1, \text{ or } 2, \\ \text{multiplicity of } p \text{ in } 2^k am, & \text{if } k \ge 3, \end{cases}$

then $1 < \beta < \alpha$, $b$ is divisible by $p$, $d$ is divisible by $p^2$, and $(p^{\alpha}, p^{\beta})$ forms a $(b, d)$-obstruction;

(ii) $k = 0$, $b$ and $c$ are divisible by $r$, $d/r^2$ is a quadratic residue of $m$ and either $\delta = 1$ or $\delta$ is the product of distinct odd primes $p_1, \dots, p_t$, each prime $p_i$ has even multiplicity $m_i$ in $m$, and $d/r^2$ is divisible by the product $p_1^{m_1} \cdots p_t^{m_t}$;

(iii) $k = 1$, $b$ and $c$ are divisible by $r$, $b/r$ is odd, either $a/r$ or $c/r$ is even, and $d/r^2$ and $\delta$ satisfy the conditions specified for them in (b)(ii);

(iv) $k \ge 3$, $r$ and $k$ are odd, $b$ and $c$ are divisible by $r$, $k - 1$ is the multiplicity of 2 in $d/r^2$, $d/(r^2 \cdot 2^{k-1}) \equiv 1 \bmod 8$, and $d/r^2$ and $\delta$ satisfy the conditions specified for them in (b)(ii).

Remark. The condition “$d/r^2$ is a quadratic residue of $m$” in Theorem 6.1(b)(ii)-(iv) may be replaced there by the condition “$d/r^2$ is a quadratic residue of $m/\delta$”.

The following corollaries of Theorem 6.1 give necessary and sufficient conditions for the validity of IQF in the interesting special case of a prime-power modulus. We note incidentally that if $p$ is an odd prime and $i \in \mathbb{Z}^+$, then $(2a, p^i) = 1$ if and only if $(a, p) = 1$, hence we may suppose that $(a, p) > 1$ in this case. We also maintain the notation used in Theorem 6.1.

Corollary 6.2. Let $p$ be an odd prime, $i \in \mathbb{Z}$, $i \ge 2$. If $(a, p^i) = p^l$, $1 \le l < i$, then IQF is valid for

$ax^2 + bx + c \equiv 0 \bmod p^i$

if and only if either

(a) $d$ is a quadratic non-residue of $p^i$ or

(b) $d$ is a quadratic residue of $p^i$ and exactly one of the following mutually exclusive conditions holds:

(i) $l > 1$, $b$ is divisible by $p$, and $(p^i, p^l)$ forms a $(b, d)$-obstruction;

(ii) $l = 1$, $i$ is odd, $b$ and $c$ are divisible by $p$, and $d$ is divisible by $p^{i+1}$.

Proof. We have that $m = p^{i-l}$ and $k = 0$ in the hypotheses of Theorem 6.1. Thus IQF is valid for $ax^2 + bx + c \equiv 0 \bmod p^i$ if and only if (a), (b)(i), or (b)(ii) of that theorem holds.

Let $q$ be a prime factor of $2a$ and let $\alpha = \mu_q(4am) = \mu_q(4a p^{i-l})$, $\beta = \mu_q(2a)$ and $\mu = \mu_2(a)$. If $q = 2$ then $\alpha = \mu + 2$, $\beta = \mu + 1$, and if $q = p$ then $l = \mu_p(a)$, and so $\alpha = i$, $\beta = l$. If $p \neq q \neq 2$ then $\alpha = \mu_q(a/p^l) = \beta$. It follows that condition (b)(i) of Theorem 6.1 can hold only if the prime there is either 2 or $p$. We will prove that it cannot be 2.

Suppose that it is. Then, in particular, $(2^{\mu+2}, 2^{\mu+1})$ forms a $(b, d)$-obstruction, i.e., either (b)(iii) or (b)(iv) of Proposition 3.3 must hold for this pair.

Assume that (b)(iii) of Proposition 3.3 holds. Then $2^{\mu+2}$ does not divide $d$, and if $2\nu = \mu_2(d)$, $d_1 = d/2^{2\nu}$, and $S$ is the set of all solutions of $x^2 \equiv d_1 \bmod 2^{\mu+2-2\nu}$, then

(6.1) $b \not\equiv \sigma \cdot 2^{\nu} + i \cdot 2^{\mu+2-\nu} \bmod 2^{\mu+1}, \quad \forall \sigma \in S,\ \forall i \in \{0, 1, \dots, 2^{\nu} - 1\}.$

As $\mu + 2 = \mu_2(4a)$, $b^2 \equiv d \bmod 4a$, and $2\nu < \mu + 2$, it follows that $2\nu = \mu_2(b^2)$, and so $\nu = \mu_2(b)$. Letting $b_1 = b/2^{\nu}$, we conclude that

$b_1^2 \equiv d_1 \bmod 2^{\mu+2-2\nu}.$

Hence there exists $\sigma \in S$ such that

$b \equiv \sigma \cdot 2^{\nu} \bmod 2^{\mu+2-\nu}.$

But then for some $i \in \{0, 1, \dots, 2^{\nu} - 1\}$,

$b \equiv \sigma \cdot 2^{\nu} + i \cdot 2^{\mu+2-\nu} \bmod 2^{\mu+2},$

and this contradicts (6.1).

We conclude that (b)(iv) of Proposition 3.3 must hold, i.e., $2^{\mu+2}$ divides $d$, and if $\mu + 2 = 2s$ or $2s - 1$ then

(6.2) $b \not\equiv i \cdot 2^{s} \bmod 2^{\mu+1}, \quad \forall i \in \{0, 1, \dots, 2^{\mu+2-s} - 1\}.$

But $2^{\mu+2}$ also divides $b^2$, hence $\mu_2(b) \ge s$, and so we can find $i \in \{0, 1, \dots, 2^{\mu+2-s} - 1\}$ such that

$b \equiv i \cdot 2^{s} \bmod 2^{\mu+2},$

which contradicts (6.2). It now follows that either (a) or (b)(i) of Theorem 6.1 holds if and only if (a) or (b)(i) of Corollary 6.2 holds.

We determine next when (b)(ii) of Theorem 6.1 is valid. We have $r = p^l$, so $\delta = (m, r) = p^{\min\{l,\, i-l\}} \ge p$. Hence $\delta$ is a product of distinct prime factors and every prime factor of $\delta$ has even multiplicity in $m = p^{i-l}$ if and only if $l = 1$ and $i$ is odd. But if $l = 1$ then $r = p$, and so the remaining requirements in (b)(ii) of Theorem 6.1 will hold if and only if $b$ and $c$ are divisible by $p$ and $d$ is divisible by $p^{i+1}$. Thus (b)(ii) of Theorem 6.1 is valid if and only if (b)(ii) of Corollary 6.2 is also. QED

Corollary 6.3. If $i \in \mathbb{Z}^+$ and $(a, 2^i) = 2^l$, $l < i$ then IQF is valid for

$ax^2 + bx + c \equiv 0 \bmod 2^i$

if and only if either

(a) $d$ is a quadratic non-residue of $2^i$ or

(b) $d$ is a quadratic residue of $2^i$ and exactly one of the following mutually exclusive conditions holds:

(i) $l > 0$, $i \ge l + 3$, $b$ is even, and $(2^i, 2^{l+1})$ forms a $(b, d)$-obstruction;

(ii) $i = l + 1$, $b$ and $c$ are divisible by $2^l$, $b/2^l$ is odd, and $c/2^l$ is even;

(iii) $a$ is odd, $i$ is odd and at least 3, and $i - 1$ is the multiplicity of 2 in $d$.

Proof. We have $r = 2^l$, $m = \delta = 1$, and $k = i - l \ge 1$ in the hypotheses of Theorem 6.1, and so IQF is valid for $ax^2 + bx + c \equiv 0 \bmod 2^i$ if and only if (a), (b)(i), (b)(iii), or (b)(iv) of that theorem holds.

Suppose that $l = 0$, i.e., $a$ is odd. If $t \in \mathbb{Z}^+$, $p$ is a prime factor of $2a$, $\alpha = \mu_p(2^t a)$, and $\beta = \mu_p(2a)$, then either $\beta = 1$ (if $p = 2$) or $\alpha = \beta$ (if $p$ is odd). Hence (b)(i) of Theorem 6.1 cannot hold in this case.

If $t \in \mathbb{Z}^+$ and $p$ is an odd prime factor of $2a$ then $\mu_p(2a) = \mu_p(2^t a)$, and so (b)(i) of Theorem 6.1 will be valid only if $l > 0$ and the prime there is 2. Since $l = \mu_2(a)$, we have in this case that

$1 < l + 1 = \mu_2(2a) < l + t = \mu_2(2^t a), \quad t \ge 2.$

Consequently, if $i = l + 1$ or $l + 2$ then $\alpha = l + 2$, $\beta = l + 1$ in (b)(i) of Theorem 6.1, and so this condition can hold only if $(2^{l+2}, 2^{l+1})$ forms a $(b, d)$-obstruction, which is impossible, as we showed in the proof of Corollary 6.2. We conclude that (b)(i) of Theorem 6.1 is equivalent to condition (b)(i) of Corollary 6.3, and we clearly have (b)(iii) of Theorem 6.1 and (b)(ii) of Corollary 6.3 equivalent.

If $i > l + 2$ then (b)(iv) of Theorem 6.1 is true if and only if $l = 0$, $i$ is odd, $i - 1 = \mu_2(d)$, and $d/2^{i-1} \equiv 1 \bmod 8$, and this is equivalent to (b)(iii) of Corollary 6.3. QED

We close our discussion with the following table, which lists some simple examples of congruences $q(x) \equiv 0 \bmod n$ for which IQF is valid, and shows that none of the conditions stated in Theorem 6.1 or Corollary 6.2 or 6.3 can be deleted.

Table 1. Examples of IQF

q(x)                  n     Justification of IQF
$3x^2 + 1$            9     Theorem 6.1(a), Corollary 6.2(a)
$x^2 + x + 1$         8     Theorem 6.1(a), Corollary 6.3(a)
$18x^2 + 18x + 1$     27    Theorem 6.1(b)(i), Corollary 6.2(b)(i) ((b)(iii) of Proposition 3.3 satisfied)
$9x^2 + 3x + 1$       27    Theorem 6.1(b)(i), Corollary 6.2(b)(i) ((b)(iv) of Proposition 3.3 satisfied)
$8x^2 + 2x + 1$       64    Theorem 6.1(b)(i), Corollary 6.3(b)(i) ((b)(iii) of Proposition 3.3 satisfied)
$3x^2 + 6x + 3$       27    Theorem 6.1(b)(ii), Corollary 6.2(b)(ii)
$x^2 + x$             2     Theorem 6.1(b)(iii), Corollary 6.3(b)(ii)
$x^2 + 2x$            8     Theorem 6.1(b)(iv), Corollary 6.3(b)(iii)
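
The rows of Table 1 can be checked mechanically. The Python below is an added example, not code from the paper: it tests IQF by exhaustive search, comparing the roots of the quadratic with the roots of $2ax \equiv -b + s \bmod n$ as $s$ runs over the square roots of $d$ mod $n$, and it evaluates conditions (a) and (b)(ii)-(iv) of Theorem 6.1 as stated above. All function names are assumptions of this example; condition (b)(i) is not evaluated because it depends on the obstruction defined in Proposition 3.3.

```python
from math import gcd

def quadratic_roots(a, b, c, n):
    """Residues x mod n with a*x^2 + b*x + c = 0 (mod n), found exhaustively."""
    return {x for x in range(n) if (a * x * x + b * x + c) % n == 0}

def formula_roots(a, b, c, n):
    """Residues x with 2*a*x = -b + s (mod n) for some s with s^2 = d (mod n)."""
    d = b * b - 4 * a * c
    roots = [s for s in range(n) if (s * s - d) % n == 0]
    return {x for x in range(n) for s in roots if (2 * a * x + b - s) % n == 0}

def iqf_valid(a, b, c, n):
    """IQF holds when the two descriptions give the same solution set."""
    return quadratic_roots(a, b, c, n) == formula_roots(a, b, c, n)

def multiplicity(p, z):
    """Exponent of p in z; None when z == 0 (every power of p divides 0)."""
    e = 0
    while z and z % p == 0:
        z, e = z // p, e + 1
    return e if z else None

def is_residue(z, n):
    return any((s * s - z) % n == 0 for s in range(n))

def delta_condition(delta, m, z):
    """Conditions on delta and z = d/r^2 listed in Theorem 6.1(b)(ii)."""
    if not is_residue(z, m):
        return False
    rest, p = delta, 3                  # m is odd by construction, so delta is odd
    while rest > 1:
        if rest % p == 0:               # p is a prime factor of delta
            e = multiplicity(p, m)      # delta divides m, so e >= 1
            if rest % (p * p) == 0 or e % 2 or z % p ** e:
                return False
            rest //= p
        p += 2
    return True

def theorem_branch(a, b, c, n):
    """Branch of Theorem 6.1 that holds: 'a', 'b(ii)', 'b(iii)', 'b(iv)', else None."""
    d = b * b - 4 * a * c
    if not is_residue(d, n):
        return "a"
    r = gcd(a, n)
    k = multiplicity(2, n // r)
    m, z = n // (2 ** k * r), d // (r * r)   # z = d/r^2 is exact once r | b and r | c
    if b % r or c % r or not delta_condition(gcd(m, r), m, z):
        return None
    if k == 0:
        return "b(ii)"
    if k == 1 and (b // r) % 2 and not ((a // r) % 2 and (c // r) % 2):
        return "b(iii)"
    if (k >= 3 and r % 2 and k % 2 and multiplicity(2, z) == k - 1
            and (z // 2 ** (k - 1)) % 8 == 1):
        return "b(iv)"
    return None

# (a, b, c, n, branch) for the rows of Table 1; None marks the rows justified by
# (b)(i), which needs the obstruction of Proposition 3.3 and is not tested here.
TABLE_1 = [(3, 0, 1, 9, "a"), (1, 1, 1, 8, "a"), (18, 18, 1, 27, None),
           (9, 3, 1, 27, None), (8, 2, 1, 64, None), (3, 6, 3, 27, "b(ii)"),
           (1, 1, 0, 2, "b(iii)"), (1, 2, 0, 8, "b(iv)")]

print(all(iqf_valid(*row[:4]) and theorem_branch(*row[:4]) == row[4] for row in TABLE_1))
```

Every row of the table passes both checks. For the constructed congruence $x^2 \equiv 0 \bmod 4$, which is not in the table, `iqf_valid(1, 0, 0, 4)` is false: the quadratic has roots {0, 2} while the formula yields every residue mod 4.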